IAO-04
Threat Analysis & Flaw Remediation During Development
Description
Mechanisms exist to require system developers and integrators to create and execute a Security Testing and Evaluation (ST&E) plan, or similar process, to identify and remediate flaws during development.
Control Question
Does the organization require system developers and integrators to create and execute a Security Testing and Evaluation (ST&E) plan to identify and remediate flaws during development?
Control Metadata
Domain: Information Assurance
Validation Cadence: Annual
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM: 5.7.5
HKIA GL20: 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7
